- name: Set up those proxy websites.  My, my..
  hosts: proxies-stg:proxies
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"


  pre_tasks:
  - name: Install policycoreutils-python
    package: name=policycoreutils-python state=present

  - name: Create /srv/web/ for all the goodies.
    file: >
        dest=/srv/web state=directory
        owner=root group=root mode=0755
    tags:
    - httpd
    - httpd/website

  - name: check the selinux context of webdir
    command: matchpathcon /srv/web
    register: webdir
    check_mode: no
    changed_when: "1 != 1"
    tags:
    - config
    - selinux
    - httpd
    - httpd/website

  - name: /srv/web file contexts
    command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
    when: webdir.stdout.find('httpd_sys_content_t') == -1
    tags:
    - config
    - selinux
    - httpd
    - httpd/website

  roles:

  - role: httpd/website
    name: fedoraproject.org
    cert_name: "{{wildcard_cert_name}}"
    server_aliases:
    - stg.fedoraproject.org
    - localhost

  # This is for all the other domains we own
  # that redirect to https://fedoraproject.org
  - role: httpd/website
    name: fedoraproject.com
    cert_name: "{{wildcard_cert_name}}"
    server_aliases:
    - fedora.asia
    - fedora.com.my
    - fedora.cr
    - fedora.events
    - fedora.me
    - fedora.mobi
    - fedora.my
    - fedora.org
    - fedora.org.cn
    - fedora.pe
    - fedora.pt
    - fedora.redhat.com
    - fedora.software
    - fedora.tk
    - fedora.us
    - fedora.wiki
    - fedoralinux.com
    - fedoralinux.net
    - fedoralinux.org
    - fedoraproject.asia
    - fedoraproject.cn
    - fedoraproject.co.uk
    - fedoraproject.com
    - fedoraproject.com.cn
    - fedoraproject.com.gr
    - fedoraproject.com.my
    - fedoraproject.cz
    - fedoraproject.eu
    - fedoraproject.gr
    - fedoraproject.info
    - fedoraproject.net
    - fedoraproject.net.cn
    - fedoraproject.org.uk
    - fedoraproject.pe
    - fedoraproject.su
    - projectofedora.org
    - www.fedora.asia
    - www.fedora.com.my
    - www.fedora.cr
    - www.fedora.events
    - www.fedora.me
    - www.fedora.mobi
    - www.fedora.org
    - www.fedora.org.cn
    - www.fedora.pe
    - www.fedora.pt
    - www.fedora.redhat.com
    - www.fedora.software
    - www.fedora.tk
    - www.fedora.us
    - www.fedora.wiki
    - www.fedoralinux.com
    - www.fedoralinux.net
    - www.fedoralinux.org
    - www.fedoraproject.asia
    - www.fedoraproject.cn
    - www.fedoraproject.co.uk
    - www.fedoraproject.com
    - www.fedoraproject.com.cn
    - www.fedoraproject.com.gr
    - www.fedoraproject.com.my
    - www.fedoraproject.cz
    - www.fedoraproject.eu
    - www.fedoraproject.gr
    - www.fedoraproject.info
    - www.fedoraproject.net
    - www.fedoraproject.net.cn
    - www.fedoraproject.org
    - www.fedoraproject.org.uk
    - www.fedoraproject.pe
    - www.fedoraproject.su
    - www.projectofedora.org
    - www.getfedora.com
    - getfedora.com
    - www.getfedora.org
    - fedoraplayground.org
    - fedoraplayground.com

  - role: httpd/website
    name: admin.fedoraproject.org
    server_aliases: [admin.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: cloud.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: mirrors.fedoraproject.org
    server_aliases:
    - mirrors.stg.fedoraproject.org
    - fedoramirror.net
    - www.fedoramirror.net
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: src.fedoraproject.org
    server_aliases: [src.stg.fedoraproject.org]
    cert_name: "{{wildcard_cert_name}}"
    sslonly: true

  - role: httpd/website
    name: download.fedoraproject.org
    server_aliases:
    - download01.fedoraproject.org
    - download02.fedoraproject.org
    - download03.fedoraproject.org
    - download04.fedoraproject.org
    - download05.fedoraproject.org
    - download06.fedoraproject.org
    - download07.fedoraproject.org
    - download08.fedoraproject.org
    - download09.fedoraproject.org
    - download10.fedoraproject.org
    - download-rdu01.fedoraproject.org
    - download.stg.fedoraproject.org
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: translate.fedoraproject.org
    server_aliases: [translate.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: spins.fedoraproject.org
    server_aliases:
    - spins.stg.fedoraproject.org
    - spins-test.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: labs.fedoraproject.org
    server_aliases:
    - labs.stg.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: arm.fedoraproject.org
    server_aliases:
    - arm.stg.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: budget.fedoraproject.org
    server_aliases:
    - budget.stg.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: boot.fedoraproject.org
    server_aliases: [boot.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: boot.fedoraproject.org
    server_aliases: [boot.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: smolts.org
    ssl: false
    server_aliases:
    - smolt.fedoraproject.org
    - stg.smolts.org
    - www.smolts.org
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: docs.fedoraproject.org
    server_aliases:
    - doc.fedoraproject.org
    - docs.stg.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: docs-old.fedoraproject.org
    server_aliases:
    - docs-old.stg.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: bodhi.fedoraproject.org
    sslonly: true
    server_aliases: [bodhi.stg.fedoraproject.org]
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: flocktofedora.org
    server_aliases:
    - flocktofedora.org
    - www.flocktofedora.org
    ssl: true
    sslonly: true
    cert_name: flocktofedora.org
    SSLCertificateChainFile: flocktofedora.org.intermediate.cert

  - role: httpd/website
    name: flocktofedora.net
    server_aliases:
    - flocktofedora.com
    - www.flocktofedora.net
    - www.flocktofedora.com
    ssl: false

  - role: httpd/website
    name: fedora.my
    server_aliases:
    - fedora.my
    ssl: false

  - role: httpd/website
    name: copr.fedoraproject.org
    ssl: true
    # We need sslonly=false because copr-cli hardcoded http
    sslonly: false
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: bugz.fedoraproject.org
    server_aliases: [bugz.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: fas.fedoraproject.org
    server_aliases:
    - fas.stg.fedoraproject.org
    - accounts.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: fedoracommunity.org
    server_aliases:
    - www.fedoracommunity.org
    - stg.fedoracommunity.org
    - fedoraproject.community
    - fedora.community
    - www.fedora.community
    - www.fedoraproject.community
    ssl: false
    cert_name: fedoracommunity.org
    SSLCertificateChainFile: fedoracommunity.org.intermediate.cert

  - role: httpd/website
    name: get.fedoraproject.org
    server_aliases: [get.stg.fedoraproject.org]
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: help.fedoraproject.org
    server_aliases: [help.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: it.fedoracommunity.org
    server_aliases: [it.fedoracommunity.org]
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: uk.fedoracommunity.org
    server_aliases:
    - uk.fedoracommunity.org
    - www.uk.fedoracommunity.org
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: tw.fedoracommunity.org
    server_aliases:
    - tw.fedoracommunity.org
    - www.tw.fedoracommunity.org
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: communityblog.fedoraproject.org
    server_aliases: [communityblog.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: people.fedoraproject.org
    server_aliases: [people.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: join.fedoraproject.org
    server_aliases: [join.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: l10n.fedoraproject.org
    server_aliases: [l10n.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: start.fedoraproject.org
    server_aliases: [start.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: kde.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: nightly.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: store.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: port389.org
    server_aliases:
    - www.port389.org
    - 389tcp.org
    - www.389tcp.org
    ssl: false
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: whatcanidoforfedora.org
    server_aliases:
    - www.whatcanidoforfedora.org
    ssl: true
    sslonly: true
    cert_name: whatcanidoforfedora.org
    SSLCertificateChainFile: whatcanidoforfedora.org.intermediate.crt
    certbot: true
    tags:
    - whatcanidoforfedora.org

  - role: httpd/website
    name: fedoramagazine.org
    server_aliases: [www.fedoramagazine.org stg.fedoramagazine.org]
    cert_name: fedoramagazine.org
    SSLCertificateChainFile: fedoramagazine.org.intermediate.cert
    sslonly: true

  - role: httpd/website
    name: k12linux.org
    server_aliases:
    - www.k12linux.org
    ssl: false
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: fonts.fedoraproject.org
    server_aliases: [fonts.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: meetbot.fedoraproject.org
    server_aliases: [meetbot.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: meetbot-raw.fedoraproject.org
    server_aliases: [meetbot-raw.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: fudcon.fedoraproject.org
    server_aliases: [fudcon.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: ask.fedoraproject.org
    server_aliases: [ask.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: badges.fedoraproject.org
    server_aliases: [badges.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: darkserver.fedoraproject.org
    server_aliases: [darkserver.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: paste.fedoraproject.org
    server_aliases:
    - paste.stg.fedoraproject.org
    - modernpaste.stg.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

#
# Make a website here so we can redirect it to paste.fedoraproject.org
#
  - role: httpd/website
    name: fpaste.org
    server_aliases:
    - www.fpaste.org
    cert_name: fpaste.org
    SSLCertificateChainFile: fpaste.org.intermediate.cert
    when: inventory_hostname == 'proxy01.phx2.fedoraproject.org'

  - role: httpd/website
    name: fpaste.org
    server_aliases:
    - www.fpaste.org
    cert_name: "{{wildcard_cert_name}}"
    when: inventory_hostname != 'proxy01.phx2.fedoraproject.org'

  - role: httpd/website
    name: koji.fedoraproject.org
    sslonly: true
    server_aliases:
    - koji.stg.fedoraproject.org
    - kojipkgs.stg.fedoraproject.org
    - buildsys.fedoraproject.org
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: ppc.koji.fedoraproject.org
    sslonly: true
    certbot: true
    server_aliases:
    - ppcpkgs.fedoraproject.org
    cert_name: secondary.koji.fedoraproject.org.letsencrypt
    SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt
    tags:
    - ppc.koji.fedoraproject.org

  - role: httpd/website
    name: s390.koji.fedoraproject.org
    sslonly: true
    certbot: true
    server_aliases:
    - s390pkgs.fedoraproject.org
    cert_name: secondary.koji.fedoraproject.org.letsencrypt
    SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt
    tags:
    - s390.koji.fedoraproject.org

  - role: httpd/website
    name: arm.koji.fedoraproject.org
    sslonly: true
    certbot: true
    server_aliases:
    - armpkgs.fedoraproject.org
    cert_name: secondary.koji.fedoraproject.org.letsencrypt
    SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt
    tags:
    - arm.koji.fedoraproject.org

  - role: httpd/website
    name: kojipkgs.fedoraproject.org
    sslonly: true
    server_aliases:
    - kojipkgs01.fedoraproject.org
    - kojipkgs02.fedoraproject.org
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: apps.fedoraproject.org
    server_aliases: [apps.stg.fedoraproject.org]
    sslonly: true
    gzip: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: pdc.fedoraproject.org
    server_aliases: [pdc.stg.fedoraproject.org]
    sslonly: true
    gzip: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: developer.fedoraproject.org
    server_aliases: [developer.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  # This is just a redirect to developer, to make it easier for people to get
  # here from Red Hat's developers.redhat.com (ticket #5216).
  - role: httpd/website
    name: developers.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: osbs.fedoraproject.org
    server_aliases: [osbs.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: os.fedoraproject.org
    server_aliases: [os.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"
    tags:
    - os.fedoraproject.org

  - role: httpd/website
    name: app.os.fedoraproject.org
    server_aliases: ["*.app.os.fedoraproject.org", "*.app.os.stg.fedoraproject.org"]
    sslonly: true
    cert_name: "{{os_wildcard_cert_name}}"
    SSLCertificateChainFile: "{{os_wildcard_int_file}}"
    tags:
    - app.os.fedoraproject.org

  - role: httpd/website
    name: registry.fedoraproject.org
    server_aliases: [registry.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: candidate-registry.fedoraproject.org
    server_aliases: [candidate-registry.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: retrace.fedoraproject.org
    server_aliases: [retrace.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"
    when: env == "staging"

  - role: httpd/website
    name: faf.fedoraproject.org
    server_aliases: [faf.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"
    when: env == "staging"

  - role: httpd/website
    name: alt.fedoraproject.org
    server_aliases:
    - alt.stg.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  # Kinda silly that we have two entries here, one for prod and one for stg.
  # This is inherited from our puppet setup -- we can collapse them as soon as
  # is convenient.  -- threebean
  - role: httpd/website
    name: taskotron.fedoraproject.org
    server_aliases: [taskotron.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: taskotron.stg.fedoraproject.org
    server_aliases: [taskotron.stg.fedoraproject.org]
    # Set this explicitly to stg here.. as per the original puppet config.
    SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"
    when: env == "staging"

  - role: httpd/website
    name: lists.fedoraproject.org
    server_aliases: [lists.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: lists.fedorahosted.org
    server_aliases: [lists.stg.fedorahosted.org]
    sslonly: true
    SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert
    cert_name: wildcard-2017.fedorahosted.org

  - role: httpd/website
    name: id.fedoraproject.org
    server_aliases:
    - "*.id.fedoraproject.org"
    # Must not be sslonly, because example.id.fedoraproject.org must be reachable
    # via plain http for openid identity support
    cert_name: wildcard-2017.id.fedoraproject.org
    SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert

  - role: httpd/website
    name: id.stg.fedoraproject.org
    server_aliases:
    - "*.id.stg.fedoraproject.org"
    # Must not be sslonly, because example.id.fedoraproject.org must be reachable
    # via plain http for openid identity support
    cert_name: "{{wildcard_cert_name}}"
    SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"

  - role: httpd/website
    name: getfedora.org
    server_aliases: [stg.getfedora.org]
    sslonly: true
    cert_name: getfedora.org
    SSLCertificateChainFile: getfedora.org.intermediate.cert

  - role: httpd/website
    name: qa.fedoraproject.org
    cert_name: "{{wildcard_cert_name}}"
    sslonly: true

  - role: httpd/website
    name: openqa.fedoraproject.org
    cert_name: "{{wildcard_cert_name}}"
    server_aliases: [openqa.stg.fedoraproject.org]
    sslonly: true

  - role: httpd/website
    name: redirect.fedoraproject.org
    server_aliases: [redirect.stg.fedoraproject.org]
    sslonly: true
    gzip: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: geoip.fedoraproject.org
    server_aliases: [geoip.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: codecs.fedoraproject.org
    server_aliases: [codecs.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: beaker.qa.fedoraproject.org
    server_aliases: [beaker.qa.fedoraproject.org]
    # Set this explicitly to stg here.. as per the original puppet config.
    SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert
    sslonly: true
    cert_name: "qa.fedoraproject.org"

  - role: httpd/website
    name: beaker.stg.fedoraproject.org
    server_aliases: [beaker.stg.fedoraproject.org]
    # Set this explicitly to stg here.. as per the original puppet config.
    SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"
    when: env == "staging"

  - role: httpd/website
    name: qa.stg.fedoraproject.org
    server_aliases: [qa.stg.fedoraproject.org]
    cert_name: qa.stg.fedoraproject.org
    SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
    sslonly: true
    when: env == "staging"

  - role: httpd/website
    name: phab.qa.stg.fedoraproject.org
    server_aliases: [phab.qa.stg.fedoraproject.org]
    cert_name: qa.stg.fedoraproject.org
    SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
    sslonly: true
    when: env == "staging"

  - role: httpd/website
    name: docs.qa.stg.fedoraproject.org
    server_aliases: [docs.qa.stg.fedoraproject.org]
    cert_name: qa.stg.fedoraproject.org
    SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
    sslonly: true
    when: env == "staging"

  - role: httpd/website
    name: phab.qa.fedoraproject.org
    server_aliases: [phab.qa.fedoraproject.org]
    cert_name: qa.fedoraproject.org
    SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert
    sslonly: true

  - role: httpd/website
    name: data-analysis.fedoraproject.org
    server_aliases: [data-analysis.stg.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: docs.qa.fedoraproject.org
    server_aliases: [docs.qa.fedoraproject.org]
    cert_name: qa.fedoraproject.org
    SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert
    sslonly: true

  - role: httpd/website
    name: nagios.fedoraproject.org
    server_aliases: [nagios.stg.fedoraproject.org]
    SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: mbs.fedoraproject.org
    sslonly: true
    server_aliases: [mbs.stg.fedoraproject.org]
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
    name: odcs.fedoraproject.org
    sslonly: true
    server_aliases: [odcs.stg.fedoraproject.org]
    cert_name: "{{wildcard_cert_name}}"

# fedorahosted is retired. We have the site here so we can redirect it.

  - role: httpd/website
    name: fedorahosted.org
    sslonly: true
    server_aliases: [bzr.fedorahosted.org hg.fedorahosted.org svn.fedorahosted.org]
    SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert
    cert_name: wildcard-2017.fedorahosted.org

  - role: httpd/website
    name: git.fedorahosted.org
    sslonly: true
    SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert
    cert_name: wildcard-2017.fedorahosted.org
